07-28-2008, 06:40 PM   #1
jerrinator
Registered User
 
Join Date: Jul 2008
Posts: 25
OS: win xp


Popups about viruses and spyware anytime anything is done on the computer.

Hi... actually I posted in this forum already and had it resolved. One week of holiday travel and I come back to see my computer messed up again (I think it has something to do with someone using a keygen on my computer, and I know things like that are just asking for trouble). The SystemGuard from McAfee keeps disabling, and whenever I open My Documents or anything in Windows Explorer, a window pops up. I attached a copy of the message that I saw.
When I click no, it takes me to this link.



Which does not open because another thing comes up and says that the website is web forgery.

The Deckard Scanner doesn't produce an extra.txt log; however, the main one is right here... also the Panda ActiveScan log is here as well. Thank you so much and I await further instructions.

Deckard's System Scanner v20071014.68
Run by Del User on 2008-07-28 19:45:24
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 503 MiB (512 MiB recommended).


-- HijackThis (run as Del User.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:43 PM, on 7/28/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\MBK\MBackMonitor.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Del User\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\DELUSE~1.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: BHO.ext2 - {401F4B6B-3C36-4E8D-BC07-F46FC6D67D9A} - C:\WINDOWS\system32\iexfil.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Skype Control Class - {9018F6A8-2495-45DF-9F16-C738F8F3C8FF} - C:\WINDOWS\system32\SkypeComm.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\RunOnce: [SpybotDeletingA4527] command /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7888] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\DOCUME~1\DELUSE~1\LOCALS~1\TEMPOR~1\Content.IE5\9RCW2TNB\FAVICO~1.SH! C:\DOCUME~1\DELUSE~1\LOCALS~1\TEMPOR~1\Content.IE5\M7Y7A8YJ\FAVICO~1.SH! C:\DOCUME~1\DELUSE~1\LOCALS~1\TEMPOR~1\Content.IE5\9RCW2TNB\FAVICO~2.SH! C:\DOCUME~1\DELUSE~1\LOCALS~1\TEMPOR~1\Content.IE5\M7Y7A8YJ\FAVICO~2.SH! C:\DOCUME~1\DELUSE~1\LOCALS~1\TEMPOR~1\Content.IE5\9RCW2TNB\FAVICO~3.SH! C:\DOCUME~1\DELUSE~1\LOCALS~1\TEMPOR~1\Content.IE5\BD24A8XX\FAVICO~1.SH! C:\DOCUME~1\DELUSE~1\LOCALS~1\TEMPOR~1\Content.IE5\M7Y7A8YJ\FAVICO~3.SH! C:\DOCUME~1\DELUSE~1\LOCALS~1\TEMPOR~1\Content.IE5\BD24A8XX\IE7PNG~1.SH! C:\DOCUME~1\DELUSE~1\LOCALS~1\TEMPOR~1\Content.IE5\B9JS2FE5\FAVICO~2.SH! C:\DOCUME~1\DELUSE~1\LOCALS~1\TEMPOR~1\Content.IE5\B9JS2FE5\OPENSE~1.SH! C:\DOCUME~1\DELUSE~1\LOCALS~1\TEMPOR~1\Content.IE5\9RCW2TNB\FAVICO~4.SH! C:\DOCUME~1\DELUSE~1\LOCALS~1\TEMPOR~1\Content.IE5\B9JS2FE5\FAVICO~3.SH! C:\DOCUME~1\DELUSE~1\LOCALS~1\TEMPOR~1\Content.IE5\BD24A8XX\FAVICO~4.SH! C:\
O4 - HKCU\..\RunOnce: [SpybotDeletingB9232] command /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8198] cmd /c del "C:\WINDOWS\SchedLgU.Txt"
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe

--
End of file - 12774 bytes

-- Files created between 2008-06-28 and 2008-07-28 -----------------------------

2008-07-28 11:07:41 18944 --a------ C:\WINDOWS\system32\iexfil.dll
2008-07-27 11:03:33 0 d-------- C:\Program Files\MSECache
2008-07-26 16:26:39 0 d-------- C:\Program Files\Windows Desktop Search
2008-07-26 16:26:38 0 d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-25 03:12:59 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-25 02:44:14 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-25 00:32:47 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-24 14:00:41 0 d-------- C:\Documents and Settings\Del User\Application Data\Reallusion
2008-07-24 13:58:57 0 d-------- C:\Program Files\Common Files\Reallusion
2008-07-23 13:24:28 0 d-------- C:\Documents and Settings\Del User\Application Data\fltk.org
2008-07-19 03:07:36 0 d-------- C:\WINDOWS\Prefetch
2008-07-18 23:49:33 0 d-------- C:\WINDOWS\system32\scripting
2008-07-18 23:49:32 0 d-------- C:\WINDOWS\l2schemas
2008-07-18 23:49:30 0 d-------- C:\WINDOWS\system32\en
2008-07-18 23:49:30 0 d-------- C:\WINDOWS\system32\bits
2008-07-18 23:45:41 0 d-------- C:\WINDOWS\ServicePackFiles
2008-07-18 23:36:16 0 d-------- C:\WINDOWS\EHome
2008-07-18 22:29:46 0 d-------- C:\Program Files\Safari
2008-07-17 22:04:29 0 d-------- C:\Program Files\Common Files\Java
2008-07-17 00:07:54 0 d-------- C:\cmdcons
2008-07-15 21:22:49 0 d-------- C:\Documents and Settings\Del User\.housecall6.6
2008-07-15 20:59:28 0 d-------- C:\Documents and Settings\Del User\Application Data\HouseCall 6.6
2008-07-14 23:47:49 0 d-------- C:\Program Files\Common Files\xing shared
2008-07-13 17:40:28 0 d-------- C:\ie-spyad_zo
2008-07-13 17:04:57 0 d-------- C:\Program Files\SpywareBlaster
2008-07-13 15:44:47 0 d-------- C:\Program Files\Panda Security
2008-07-11 00:13:09 0 d-------- C:\Program Files\Trend Micro
2008-07-10 21:26:10 64324 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-07-10 21:07:17 0 d-------- C:\Program Files\iPod
2008-07-10 21:07:06 0 d-------- C:\Program Files\iTunes
2008-07-10 20:56:30 0 d-------- C:\Program Files\QuickTime
2008-07-10 15:18:36 0 d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-07-10 15:18:09 0 d-------- C:\Program Files\NOS
2008-07-09 21:46:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-09 20:31:54 0 d-------- C:\Program Files\Lavasoft
2008-07-06 22:12:24 0 d-------- C:\WINDOWS\speech
2008-07-06 22:08:14 0 d-------- C:\WINDOWS\Downloaded Installations
2008-07-06 10:04:41 0 d-------- C:\Program Files\Sun
2008-07-05 13:29:27 0 d-------- C:\WINDOWS\.jagex_cache_32
2008-07-05 13:24:04 0 d-------- C:\Documents and Settings\Del User\Application Data\bang


-- Find3M Report ---------------------------------------------------------------

2008-07-28 19:43:01 0 d-------- C:\Program Files\FlashGet
2008-07-28 10:14:03 0 d-------- C:\Program Files\McAfee
2008-07-25 19:41:23 0 d-------- C:\Documents and Settings\Del User\Application Data\Adobe
2008-07-25 02:57:47 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-25 02:44:14 0 d-------- C:\Program Files\Common Files
2008-07-24 21:08:24 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-20 21:38:49 0 d-------- C:\Documents and Settings\Del User\Application Data\SiteAdvisor
2008-07-19 00:08:00 6301 --a------ C:\WINDOWS\system32\wdkaent.dll
2008-07-19 00:07:58 155648 --a------ C:\WINDOWS\system32\SkypeComm.dll <Not Verified; ; Skype Communication>
2008-07-18 23:50:06 0 d-------- C:\Program Files\Messenger
2008-07-18 23:49:30 0 d-------- C:\Program Files\Movie Maker
2008-07-18 23:45:22 0 d-------- C:\Program Files\Windows NT
2008-07-17 22:10:23 20480 --a------ C:\WINDOWS\system32\mssockah.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-17 2258 0 d-------- C:\Program Files\Java
2008-07-14 23:54:41 0 d-------- C:\Documents and Settings\Del User\Application Data\Real
2008-07-14 23:45:30 0 d-------- C:\Program Files\Common Files\Real
2008-07-13 18:16:29 0 d--h----- C:\Program Files\WindowsUpdate
2008-07-13 15:28:02 0 d-------- C:\Program Files\Real
2008-07-11 00:07:45 0 d-------- C:\Program Files\DivX
2008-07-10 21:18:00 0 d-------- C:\Documents and Settings\Del User\Application Data\Apple Computer
2008-07-10 13:46:37 0 d-------- C:\Documents and Settings\Del User\Application Data\Mozilla
2008-07-09 01:32:14 0 d-------- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-07-06 22:57:13 0 d-------- C:\Program Files\Google
2008-06-26 14:45:52 0 d-------- C:\Program Files\bfgclient
2008-06-23 22:18:11 0 d-------- C:\Documents and Settings\Del User\Application Data\Google
2008-06-23 19:15:31 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-06-23 19:15:31 110592 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2008-06-23 18:53:13 0 d-------- C:\Program Files\OpenAL
2008-06-23 15:57:25 0 d-------- C:\Documents and Settings\Del User\Application Data\McAfee
2008-06-20 20:46:29 0 --a------ C:\WINDOWS\PowerReg.dat
2008-06-11 21:00:06 0 d-------- C:\Documents and Settings\Del User\Application Data\PowerChallenge
2008-06-07 11:49:13 0 d-------- C:\Documents and Settings\Del User\Application Data\MiniDm
2008-06-07 11:48:21 0 d-------- C:\Documents and Settings\Del User\Application Data\IEPro
2008-06-01 13:01:39 0 d-------- C:\Program Files\Microsoft Works
2008-05-30 21:09:37 0 d-------- C:\Program Files\Web Publish
2008-05-30 20:21:14 0 d-------- C:\Program Files\Common Files\Broderbund
2008-05-30 20:10:00 0 d-------- C:\Program Files\Broderbund
2008-05-30 19:39:41 0 d-------- C:\Program Files\Common Files\L&H
2008-05-30 19:39:07 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-05-30 19:36:27 0 d-------- C:\Program Files\Microsoft.NET
2008-05-28 17:55:21 0 d-------- C:\Program Files\Common Files\Nero
2008-05-28 14:56:12 0 d-------- C:\Program Files\Common Files\Sonic Shared
2008-05-28 14:56:08 0 d-------- C:\Program Files\Roxio
2008-05-18 13:56:38 1533 --a------ C:\WINDOWS\mozver.dat
2008-05-05 08:48:00 283 --a------ C:\WINDOWS\system32\installerror.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
11/26/2007 10:46 AM 324936 --a------ c:\PROGRA~1\mcafee\msk\mcapbho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{401F4B6B-3C36-4E8D-BC07-F46FC6D67D9A}]
07/28/2008 11:07 AM 18944 --a------ C:\WINDOWS\system32\iexfil.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9018F6A8-2495-45DF-9F16-C738F8F3C8FF}]
07/19/2008 12:07 AM 155648 --a------ C:\WINDOWS\system32\SkypeComm.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 09:49 PM]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [10/14/2005 09:46 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 09:50 PM]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [10/05/2005 04:12 AM]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [07/27/2004 05:50 PM]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [07/27/2004 05:50 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [11/15/2007 09:24 AM]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [07/12/2005 08:05 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [11/01/2007 07:12 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [12/03/2007 02:21 PM]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [07/24/2006 04:28 PM]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [11/30/2007 05:42 AM]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [03/01/2007 02:57 PM]
"McAfee Backup"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe" [01/16/2007 01:59 PM]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [01/08/2007 11:22 AM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [07/14/2008 11:40 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [09/25/2007 04:10 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/13/2008 08:12 PM]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [12/13/2007 07:10 PM]
"DelayShred"="c:\PROGRA~1\mcafee\mshr\ShrCL.exe" [12/04/2007 01:32 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingB9232"=command /c del "C:\WINDOWS\SchedLgU.Txt"
"SpybotDeletingD8198"=cmd /c del "C:\WINDOWS\SchedLgU.Txt"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"SpybotDeletingA4527"=command /c del "C:\WINDOWS\SchedLgU.Txt"
"SpybotDeletingC7888"=cmd /c del "C:\WINDOWS\SchedLgU.Txt"

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [4/11/2006 11:12:27 PM]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"disableregistrytools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07389ec4-97ab-11dc-9dd3-001320e1b455}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{589220f5-72c0-11dc-9dc6-001320e1b455}]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9b74a7e1-b6e2-11dc-9de5-001320e1b455}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe




-- End of Deckard's System Scanner: finished at 2008-07-28 19:47:26 ------------



This is the Panda ActiveScan log.
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-07-28 19:37:22
PROTECTIONS: 2
MALWARE: 2
SUSPECTS: 1
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee Internet Security Suite 2007 8.1 No Yes
McAfee VirusScan Plus 12.1 No No
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Del User\Cookies\del_user@server.iad.liveperson[1].txt
03363135 Adware/BHO Adware Yes 1 Yes No C:\WINDOWS\system32\iexfil.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Documents and Settings\Del User\My Documents\BiR Data\Programs and Installers (BASIC)\Quicktime Pro Keygen\Keygen.rar[Keygen.exe]
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================
Attached image: popup.JPG (21.8 KB)

Last edited by tetonbob; 07-28-2008 at 08:39 PM. Reason: malware link removed